How insurers can manage third-party contractors for AI

With an increasing number of insurers looking to outsource artificial intelligence expertise, law firm Locke Lord has outlined ways they can use addenda to better manage third-party contractors for this use.

In a webinar addressing ethical use of AI in insurance, Locke Lord experts noted that use of third-party contractors is expected to be a trend in 2024. This is the case not just in insurance but even for regulators and state insurance departments.

“Third-party vendor management is huge. We think the NAIC (National Association of Insurance Commissioners) is going to be looking at that,” Paige Waters, Locke Lord Chicago partner, said.

However, the challenge is in how third-party vendors can be held responsible for the requirements of AI under the insurance regulatory guidance that is still being developed.

This is particularly a concern as Locke Lord experts have predicted a potential increase in legal action such as lawsuits over the discriminatory or unethical use of AI in insurance in the months ahead.

However, Waters outlined several items addenda can address in a way that would help insurance firms better manage third-party contractors with respect to AI use.

Managing AI risk

One of the major reasons why an addendum may be necessary is to give insurers a way to manage the risk associated with using a third-party for AI.

“We are not confident that when we say to our vendors, ‘Tell us everything you're doing with AI, how you're using it, what you're doing with the data,’ that you are going to get the answers quickly and efficiently and in a form that you can understand them,” Waters said.

“So, you can just indemnify against the risk, and that's all going to be done in your contracting with the third-party vendor.”

Instead of a long and difficult process of going back-and-forth in negotiations with a contractor, Waters said addenda present a way to streamline the process.

“What we're seeing is companies are creating a separate addendum that is to supplement the existing vendor contract.”

This addendum is separately negotiated, has different terms and conditions, and even has different definitions, she said.

“There will have to be specific definitions that deal with AI and AI terminology, and then those definitions are going to need to be read in conjunction with the definitions in the underlying contracts.”

More control

Waters described in depth how addenda can allow insurance companies to implement specific requirements for AI use, even down to which tools are used.

Firms can introduce specific requirements that state vendors cannot use any AI unless the company approves of it, which can be done on a case-by-case basis. They can also include confidentiality provisions and specific restrictions on the extent to which contractors can use AI.

“Where we're seeing a lot of those prohibitions is in the area of the insurance company saying to the vendor, ‘You cannot use my customer's information or any information that I give you, third party vendor. You cannot use that data to train a model. You have to keep that information confidential.’”

Addenda can also have built-in requirements for contractors to demonstrate the controls they have in place to limit access to private information by people using or involved in the AI process. Waters suggested that vendors have readily available written policies and procedures in this regard.

“Insurance companies are going to want to make sure that, to the extent that you're using AI, you're testing the AI, you're making sure that the outputs are not discriminatory or resulting in some type of unlawful practice,” she said.

Avoiding penalties and legal action

Locke Lord expects there to be closer scrutiny of how AI is used in insurance in 2024. As such, Waters said TPC addenda should include built-in rights to audit.

“Not only do you need to have audit rights in the contract, from a regulatory perspective, you will want to actually audit the vendors because that will mitigate your liability and your regulatory liability when the regulators come to you,” she said.

Waters also noted addenda can have separate provisions for how legal issues can be handled.

“Some companies will probably want to put an arbitration provision in there so that they can address any issues with the vendor specifically relating to AI through arbitration and not through litigation open to the public,” she noted.

While explaining that these are just some of the best practices, Waters also acknowledged “it's going to be very complicated dealing with these issues because there are a lot of issues” with AI use.

“You're going to want to understand the terms of service of the AI products that the vendors are either creating themselves or using, or their use of third-party AI applications,” she said.

Locke Lord was formed in 2007 as a merger between Locke Liddell & Sapp and Lord Bissell & Brook LLP. Its key sectors include finance & financial services, insurance & reinsurance, private equity, energy & infrastructure and pharmaceuticals.

Rayne Morgan is a content marketing manager with PolicyAdvisor.com and a freelance journalist and copywriter.

© Entire contents copyright 2024 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

Rayne Morgan is a journalist, copywriter, and editor with over 10 years' combined experience in digital content and print media. You can reach her at [email protected].